Report Name: Linux Patch Wednesday August 2024
Generated: 2024-08-22 16:56:58
Product Name | Prevalence | U | C | H | M | L | A | Comment |
---|---|---|---|---|---|---|---|---|
Apache HTTP Server | 0.9 | 1 | 1 | 2 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet | |||
Intel(R) Processor | 0.9 | 1 | 1 | 2 | Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings | |||
Linux Kernel | 0.9 | 2 | 116 | 262 | 380 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | ||
Chromium | 0.8 | 3 | 20 | 23 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |||
GLPI | 0.8 | 1 | 7 | 11 | 23 | 42 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
Mozilla Firefox | 0.8 | 1 | 4 | 10 | 1 | 16 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
Node.js | 0.8 | 1 | 2 | 3 | Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more | |||
PHP | 0.8 | 1 | 2 | 1 | 1 | 1 | 6 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
RPC | 0.8 | 1 | 1 | Remote Procedure Call Runtime | ||||
Safari | 0.8 | 5 | 2 | 7 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |||
Zabbix | 0.8 | 4 | 4 | Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services | ||||
.NET and Visual Studio | 0.7 | 1 | 1 | .NET and Visual Studio | ||||
Apache Traffic Server | 0.7 | 3 | 3 | The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid | ||||
BIND | 0.7 | 4 | 4 | BIND is a suite of software for interacting with the Domain Name System | ||||
Calibre | 0.7 | 1 | 2 | 3 | Calibre is a cross-platform free and open-source suite of e-book software | |||
Curl | 0.7 | 1 | 1 | 2 | Curl is a command-line tool for transferring data specified with URL syntax | |||
Envoy | 0.7 | 1 | 1 | 2 | Envoy is a cloud-native, open-source edge and service proxy | |||
FFmpeg | 0.7 | 1 | 1 | 2 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |||
Kubernetes | 0.7 | 1 | 1 | Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management | ||||
Minio | 0.7 | 2 | 1 | 3 | Minio is a Multi-Cloud Object Storage framework | |||
Neat VNC | 0.7 | 1 | 1 | A liberally licensed VNC server library with a clean interface | ||||
Oracle MySQL | 0.7 | 15 | 15 | MySQL is an open-source relational database management system | ||||
Oracle VM VirtualBox | 0.7 | 1 | 8 | 2 | 11 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation | ||
QEMU | 0.7 | 1 | 1 | QEMU is a generic and open source machine & userspace emulator and virtualizer | ||||
vim | 0.7 | 1 | 1 | 2 | Vim is a free and open-source, screen-based text editor program | |||
Oracle Java SE | 0.6 | 3 | 3 | Oracle Java SE | ||||
Perl | 0.6 | 1 | 2 | 3 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |||
Python | 0.6 | 1 | 5 | 6 | Python is a high-level, general-purpose programming language | |||
Roundcube | 0.6 | 3 | 3 | Roundcube is a web-based IMAP email client | ||||
Rust Standard Library | 0.6 | 1 | 1 | The Rust Standard Library is the foundation of portable Rust software, a set of minimal and battle-tested shared abstractions for the broader Rust ecosystem | ||||
wpa_supplicant | 0.6 | 1 | 1 | wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku | ||||
Consul | 0.5 | 1 | 1 | Product detected by a:hashicorp:consul (exists in CPE dict) | ||||
FRRouting | 0.5 | 1 | 1 | Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD | ||||
Filebeat | 0.5 | 1 | 1 | Product detected by a:elastic:filebeat (exists in CPE dict) | ||||
Flask | 0.5 | 1 | 1 | 2 | Flask is a lightweight WSGI web application framework | |||
HID | 0.5 | 1 | 1 | HID | ||||
JupyterHub | 0.5 | 1 | 1 | Product detected by a:jupyter:jupyterhub (exists in CPE dict) | ||||
Moby Project | 0.5 | 1 | 1 | Moby is an open-source project, created by Docker, to enable and accelerate software containerization | ||||
NVIDIA GPU Display Driver | 0.5 | 1 | 1 | A NVIDIA driver is a software program that enables communication between your computer and the NVIDIA graphics processor installed in your system | ||||
Newlib | 0.5 | 1 | 1 | Product detected by a:newlib_project:newlib (exists in CPE dict) | ||||
Nova | 0.5 | 1 | 1 | Product detected by a:openstack:nova (exists in CPE dict) | ||||
RabbitMQ Java Client | 0.5 | 1 | 1 | Product detected by a:vmware:rabbitmq_java_client (exists in CPE dict) | ||||
TLS | 0.5 | 3 | 1 | 4 | TLS | |||
Vault | 0.5 | 3 | 3 | Product detected by a:hashicorp:vault (exists in CPE dict) | ||||
Virtual GPU | 0.5 | 2 | 2 | Product detected by a:nvidia:virtual_gpu (exists in CPE dict) | ||||
assimp | 0.5 | 1 | 1 | Product detected by a:assimp:assimp (exists in CPE dict) | ||||
django | 0.5 | 1 | 4 | 5 | Product detected by a:djangoproject:django (exists in CPE dict) | |||
fugit | 0.5 | 1 | 1 | Product detected by a:floraison:fugit (does NOT exist in CPE dict) | ||||
libcurl | 0.5 | 1 | 1 | Product detected by a:haxx:libcurl (exists in CPE dict) | ||||
libtiff | 0.5 | 1 | 1 | Product detected by a:libtiff:libtiff (exists in CPE dict) | ||||
moodle | 0.5 | 1 | 1 | Product detected by a:moodle:moodle (exists in CPE dict) | ||||
nginx_open_source | 0.5 | 1 | 1 | Product detected by a:f5:nginx_open_source (does NOT exist in CPE dict) | ||||
ofono | 0.5 | 4 | 4 | Product detected by a:ofono_project:ofono (does NOT exist in CPE dict) | ||||
pdfio | 0.5 | 1 | 1 | Product detected by a:msweet:pdfio (does NOT exist in CPE dict) | ||||
postgresql | 0.5 | 1 | 1 | Product detected by a:postgresql:postgresql (exists in CPE dict) | ||||
stb_image.h | 0.5 | 1 | 1 | Product detected by a:nothings:stb_image.h (exists in CPE dict) | ||||
webob | 0.5 | 1 | 1 | Product detected by a:pylonsproject:webob (does NOT exist in CPE dict) | ||||
Flatpak | 0.4 | 1 | 1 | Flatpak is a utility for software deployment and package management for Linux | ||||
GPAC | 0.4 | 2 | 2 | GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity) | ||||
Git | 0.4 | 2 | 2 | Git | ||||
Oracle WebLogic Server | 0.4 | 1 | 1 | Unified and extensible platform for developing, deploying and running enterprise applications | ||||
Unknown Product | 0 | 31 | 27 | 58 | Unknown Product |
Vulnerability Type | Criticality | U | C | H | M | L | A |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 1 | 3 | 4 | 22 | 30 | |
Authentication Bypass | 0.98 | 5 | 17 | 7 | 29 | ||
Code Injection | 0.97 | 1 | 4 | 6 | 4 | 15 | |
Command Injection | 0.97 | 1 | 3 | 4 | 2 | 10 | |
Security Feature Bypass | 0.9 | 6 | 22 | 28 | |||
Elevation of Privilege | 0.85 | 1 | 5 | 6 | |||
Information Disclosure | 0.83 | 1 | 7 | 8 | |||
Cross Site Scripting | 0.8 | 4 | 19 | 1 | 24 | ||
Open Redirect | 0.75 | 1 | 1 | ||||
Denial of Service | 0.7 | 1 | 1 | 8 | 47 | 4 | 61 |
Path Traversal | 0.7 | 1 | 1 | ||||
Incorrect Calculation | 0.5 | 7 | 7 | ||||
Memory Corruption | 0.5 | 3 | 101 | 5 | 109 | ||
Spoofing | 0.4 | 1 | 1 | ||||
Unknown Vulnerability Type | 0 | 42 | 286 | 328 |
Source | U | C | H | M | L | A |
---|---|---|---|---|---|---|
almalinux | 3 | 14 | 5 | 22 | ||
debian | 3 | 26 | 210 | 244 | 483 | |
oraclelinux | 3 | 15 | 13 | 31 | ||
redhat | 4 | 16 | 10 | 30 | ||
redos | 4 | 13 | 32 | 69 | 6 | 124 |
ubuntu | 1 | 8 | 52 | 42 | 103 |
1. Remote Code Execution - PHP (CVE-2024-4577) - Urgent [966]
Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts,
redos: CVE-2024-4577 was patched at 2024-08-16
2. Information Disclosure - Minio (CVE-2023-28432) - Urgent [895]
Description:
redos: CVE-2023-28432 was patched at 2024-08-07
3. Command Injection - Oracle WebLogic Server (CVE-2015-4852) - Urgent [894]
Description: The WLS Security component in
ubuntu: CVE-2015-4852 was patched at 2024-07-31
4. Denial of Service - Minio (CVE-2023-28434) - Urgent [872]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, Vulners:PublicExploit:GitHub:ABELCHE:EVIL_MINIO, BDU:PublicExploit websites | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Minio is a Multi-Cloud Object Storage framework | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.9 | 10 | EPSS Probability is 0.06841, EPSS Percentile is 0.94004 |
redos: CVE-2023-28434 was patched at 2024-08-07
5. Code Injection - GLPI (CVE-2023-36808) - Urgent [800]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.97 | 15 | Code Injection | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.9 | 10 | CVSS Base Score is 8.6. According to NVD data source | |
0.6 | 10 | EPSS Probability is 0.00189, EPSS Percentile is 0.56903 |
redos: CVE-2023-36808 was patched at 2024-08-12
6. Code Injection - GLPI (CVE-2023-35924) - Critical [788]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.97 | 15 | Code Injection | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.9 | 10 | CVSS Base Score is 8.6. According to NVD data source | |
0.5 | 10 | EPSS Probability is 0.00132, EPSS Percentile is 0.48972 |
redos: CVE-2023-35924 was patched at 2024-08-12
7. Authentication Bypass - GLPI (CVE-2023-35940) - Critical [778]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.5 | 10 | EPSS Probability is 0.00162, EPSS Percentile is 0.53494 |
redos: CVE-2023-35940 was patched at 2024-08-12
8. Authentication Bypass - GLPI (CVE-2023-35939) - Critical [766]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.8 | 10 | CVSS Base Score is 8.1. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00081, EPSS Percentile is 0.35553 |
redos: CVE-2023-35939 was patched at 2024-08-12
9. Code Injection - GLPI (CVE-2024-27096) - Critical [741]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.97 | 15 | Code Injection | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.8 | 10 | CVSS Base Score is 7.7. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
redos: CVE-2024-27096 was patched at 2024-08-12
10. Code Injection - GLPI (CVE-2024-29889) - Critical [717]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.97 | 15 | Code Injection | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 7.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-29889 was patched at 2024-08-12
11. Code Injection - GLPI (CVE-2022-31061) - Critical [699]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:VU0R1-SEC:CVE-2022-31061, Vulners:PublicExploit:GitHub:VU0R1:CVE-2022-31061, BDU:PublicExploit websites | |
0.97 | 15 | Code Injection | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.6 | 10 | EPSS Probability is 0.0018, EPSS Percentile is 0.55822 |
redos: CVE-2022-31061 was patched at 2024-07-26
12. Command Injection - PHP (CVE-2024-5585) - Critical [699]
Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, Vulners:PublicExploit:GitHub:TGCOHCE:CVE-2024-1874, BDU:PublicExploit websites | |
0.97 | 15 | Command Injection | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.8 | 10 | CVSS Base Score is 7.7. According to NVD data source | |
0.8 | 10 | EPSS Probability is 0.00438, EPSS Percentile is 0.75192 |
redos: CVE-2024-5585 was patched at 2024-08-16
13. Denial of Service - PHP (CVE-2024-2757) - Critical [692]
Description: In
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
redos: CVE-2024-2757 was patched at 2024-08-16
14. Remote Code Execution - Calibre (CVE-2024-6782) - Critical [688]
Description: Improper access control in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:ZANGJIAHE:CVE-2024-6782, Vulners:PublicExploit:GitHub:JDPSL:CVE-2024-6782, Vulners:PublicExploit:PACKETSTORM:180007, Vulners:PublicExploit:MSF:EXPLOIT-MULTI-MISC-CALIBRE_EXEC-, Vulners:PublicExploit:1337DAY-ID-39714 websites | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Calibre is a cross-platform free and open-source suite of e-book software | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.6 | 10 | EPSS Probability is 0.00188, EPSS Percentile is 0.56881 |
debian: CVE-2024-6782 was patched at 2024-08-21
15. Command Injection - Apache HTTP Server (CVE-2024-40898) - Critical [668]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:TAM-K592:CVE-2024-40725-CVE-2024-40898 website | |
0.97 | 15 | Command Injection | |
0.9 | 14 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet | |
0.9 | 10 | CVSS Base Score is 9.1. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00079, EPSS Percentile is 0.34965 |
redos: CVE-2024-40898 was patched at 2024-07-29
16. Remote Code Execution - Mozilla Firefox (CVE-2024-2605) - Critical [651]
Description: An attacker could have leveraged the Windows Error Reporter
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
redos: CVE-2024-2605 was patched at 2024-08-20
17. Authentication Bypass - Neat VNC (CVE-2024-42458) - Critical [625]
Description: server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:SSV:72008, Vulners:PublicExploit:SSV:20911, Vulners:PublicExploit:MSF:AUXILIARY-ADMIN-VNC-REALVNC_41_BYPASS-, Vulners:PublicExploit:MSF:AUXILIARY-SCANNER-VNC-VNC_NONE_AUTH-, Vulners:PublicExploit:EXPLOITPACK:18D918324953F769DBD3618BAF3852A4, Vulners:PublicExploit:PACKETSTORM:104471, Vulners:PublicExploit:REALVNC_NOAUTH, Vulners:PublicExploit:EDB-ID:36932, Vulners:PublicExploit:EDB-ID:17719 websites | |
0.98 | 15 | Authentication Bypass | |
0.7 | 14 | A liberally licensed VNC server library with a clean interface | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-42458 was patched at 2024-08-21
18. Remote Code Execution - GLPI (CVE-2023-33971) - Critical [621]
Description: Formcreator is a
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00066, EPSS Percentile is 0.29918 |
redos: CVE-2023-33971 was patched at 2024-08-12
19. Command Injection - Rust Standard Library (CVE-2024-24576) - Critical [618]
Description: Rust is a programming language. The Rust Security Response WG was notified that the
redos: CVE-2024-24576 was patched at 2024-08-05
20. Authentication Bypass - Flask (CVE-2024-6221) - Critical [603]
Description: A vulnerability in corydolphin/
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:huntr.com website | |
0.98 | 15 | Authentication Bypass | |
0.5 | 14 | Flask is a lightweight WSGI web application framework | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.36498 |
debian: CVE-2024-6221 was patched at 2024-08-21
21. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21103) - Critical [601]
Description: Vulnerability in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.98 | 15 | Authentication Bypass | |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-21103 was patched at 2024-07-24
22. Authentication Bypass - Moby Project (CVE-2024-41110) - High [591]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:VVPOGLAZOV:CVE-2024-41110-CHECKER, Vulners:PublicExploit:GitHub:PAULOPAROPP:CVE-2024-41110-SCAN, Vulners:PublicExploit:GitHub:SECSABURO:CVE-2024-41110- websites | |
0.98 | 15 | Authentication Bypass | |
0.5 | 14 | Moby is an open-source project, created by Docker, to enable and accelerate software containerization | |
1.0 | 10 | CVSS Base Score is 9.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14847 |
debian: CVE-2024-41110 was patched at 2024-08-01
redos: CVE-2024-41110 was patched at 2024-07-29
23. Command Injection - GLPI (CVE-2022-39276) - High [580]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:huntr.dev, BDU:PublicExploit websites | |
0.97 | 15 | Command Injection | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.3 | 10 | CVSS Base Score is 3.5. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.30701 |
redos: CVE-2022-39276 was patched at 2024-07-26
24. Authentication Bypass - Nova (CVE-2024-40767) - High [579]
Description: In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:launchpad.net website | |
0.98 | 15 | Authentication Bypass | |
0.5 | 14 | Product detected by a:openstack:nova (exists in CPE dict) | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00067, EPSS Percentile is 0.30077 |
redhat: CVE-2024-40767 was patched at 2024-08-07, 2024-08-08
ubuntu: CVE-2024-40767 was patched at 2024-07-23
25. Code Injection - Calibre (CVE-2024-7009) - High [563]
Description: Unsanitized user-input in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:starlabs.sg website | |
0.97 | 15 | Code Injection | |
0.7 | 14 | Calibre is a cross-platform free and open-source suite of e-book software | |
0.4 | 10 | CVSS Base Score is 4.2. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.18846 |
debian: CVE-2024-7009 was patched at 2024-08-21
26. Denial of Service - Curl (CVE-2024-6197) - High [563]
Description: lib
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Curl is a command-line tool for transferring data specified with URL syntax | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
redos: CVE-2024-6197 was patched at 2024-08-12
27. Denial of Service - Envoy (CVE-2024-27919) - High [563]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:LOCKNESS-KO:CVE-2024-27316 website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Envoy is a cloud-native, open-source edge and service proxy | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16405 |
redos: CVE-2024-27919 was patched at 2024-08-05
28. Cross Site Scripting - GLPI (CVE-2022-39262) - High [561]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:huntr.dev, BDU:PublicExploit websites | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.5 | 10 | CVSS Base Score is 5.2. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.22147 |
redos: CVE-2022-39262 was patched at 2024-07-26
29. Cross Site Scripting - GLPI (CVE-2022-39277) - High [561]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:huntr.dev, BDU:PublicExploit websites | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.5 | 10 | CVSS Base Score is 4.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.22147 |
redos: CVE-2022-39277 was patched at 2024-07-26
30. Cross Site Scripting - Calibre (CVE-2024-7008) - High [557]
Description: Unsanitized user-input in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:starlabs.sg website | |
0.8 | 15 | Cross Site Scripting | |
0.7 | 14 | Calibre is a cross-platform free and open-source suite of e-book software | |
0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.0007, EPSS Percentile is 0.31205 |
debian: CVE-2024-7008 was patched at 2024-08-21
31. Denial of Service - stb_image.h (CVE-2023-43281) - High [553]
Description: Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Product detected by a:nothings:stb_image.h (exists in CPE dict) | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.5 | 10 | EPSS Probability is 0.00154, EPSS Percentile is 0.52398 |
debian: CVE-2023-43281 was patched at 2024-08-21
32. Denial of Service - Python (CVE-2024-7592) - High [546]
Description: There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website | |
0.7 | 15 | Denial of Service | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.1958 |
debian: CVE-2024-7592 was patched at 2024-08-21
33. Denial of Service - RabbitMQ Java Client (CVE-2023-46120) - High [541]
Description: The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLength` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Product detected by a:vmware:rabbitmq_java_client (exists in CPE dict) | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.6 | 10 | EPSS Probability is 0.00208, EPSS Percentile is 0.59167 |
redos: CVE-2023-46120 was patched at 2024-08-06
34. Authentication Bypass - Apache HTTP Server (CVE-2024-40725) - High [539]
Description: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:TAM-K592:CVE-2024-40725-CVE-2024-40898, BDU:PublicExploit websites |
0.98 | 15 | Authentication Bypass |
0.9 | 14 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-40725 was patched at 2024-07-18
redos: CVE-2024-40725 was patched at 2024-08-12
ubuntu: CVE-2024-40725 was patched at 2024-07-18
35. Memory Corruption - FFmpeg (CVE-2024-7272) - High [539]
Description: A vulnerability, which was classified as critical, was found in
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites |
0.5 | 15 | Memory Corruption |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams |
0.6 | 10 | CVSS Base Score is 6.3. According to NVD data source |
0.5 | 10 | EPSS Probability is 0.00121, EPSS Percentile is 0.47058 |
debian: CVE-2024-7272 was patched at 2024-08-14, 2024-08-21
36. Security Feature Bypass - Linux Kernel (CVE-2024-42318) - High [525]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:PACKETSTORM:180261 website |
0.9 | 15 | Security Feature Bypass |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-42318 was patched at 2024-08-21
37. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21113) - High [523]
Description: Vulnerability in the
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
0.98 | 15 | Authentication Bypass |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17029 |
redos: CVE-2024-21113 was patched at 2024-07-24
38. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21114) - High [523]
Description: Vulnerability in the
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
0.98 | 15 | Authentication Bypass |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17029 |
redos: CVE-2024-21114 was patched at 2024-07-24
39. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21115) - High [523]
Description: Vulnerability in the
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
0.98 | 15 | Authentication Bypass |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17029 |
redos: CVE-2024-21115 was patched at 2024-07-24
40. Open Redirect - webob (CVE-2024-42353) - High [514]
Description: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website |
0.75 | 15 | Open Redirect |
0.5 | 14 | Product detected by a:pylonsproject:webob (does NOT exist in CPE dict) |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
debian: CVE-2024-42353 was patched at 2024-08-21
41. Denial of Service - GPAC (CVE-2023-46929) - High [513]
Description: An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website |
0.7 | 15 | Denial of Service |
0.4 | 14 | GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity) |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
redos: CVE-2023-46929 was patched at 2024-08-07
42. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21116) - High [511]
Description: Vulnerability in the
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
0.98 | 15 | Authentication Bypass |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17029 |
redos: CVE-2024-21116 was patched at 2024-07-24
43. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21110) - High [500]
Description: Vulnerability in the
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
0.98 | 15 | Authentication Bypass |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation |
0.7 | 10 | CVSS Base Score is 7.3. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17029 |
redos: CVE-2024-21110 was patched at 2024-07-24
44. Code Injection - GLPI (CVE-2022-35947) - High [497]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.97 | 15 | Code Injection |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
1.0 | 10 | CVSS Base Score is 10.0. According to NVD data source |
0.6 | 10 | EPSS Probability is 0.0018, EPSS Percentile is 0.55822 |
redos: CVE-2022-35947 was patched at 2024-07-26
45. Denial of Service - pdfio (CVE-2024-42358) - High [494]
Description: PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DoS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function, driven by the nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DoS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DoSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website |
0.7 | 15 | Denial of Service |
0.5 | 14 | Product detected by a:msweet:pdfio (does NOT exist in CPE dict) |
0.6 | 10 | CVSS Base Score is 6.2. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13333 |
debian: CVE-2024-42358 was patched at 2024-08-21
46. Memory Corruption - libcurl (CVE-2024-7264) - High [482]
Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:hackerone.com website |
0.5 | 15 | Memory Corruption |
0.5 | 14 | Product detected by a:haxx:libcurl (exists in CPE dict) |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.23844 |
debian: CVE-2024-7264 was patched at 2024-08-01
redos: CVE-2024-7264 was patched at 2024-08-16
ubuntu: CVE-2024-7264 was patched at 2024-08-05, 2024-08-20
47. Denial of Service - GPAC (CVE-2023-50120) - High [477]
Description: MP4Box
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites |
0.7 | 15 | Denial of Service |
0.4 | 14 | GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity) |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13333 |
redos: CVE-2023-50120 was patched at 2024-08-07
48. Authentication Bypass - GLPI (CVE-2022-24867) - High [463]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.5 | 10 | EPSS Probability is 0.00133, EPSS Percentile is 0.49191 |
redos: CVE-2022-24867 was patched at 2024-07-26
49. Authentication Bypass - Minio (CVE-2023-28433) - High [458]
Description: Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.7 | 14 | Minio is a Multi-Cloud Object Storage framework |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.5 | 10 | EPSS Probability is 0.00128, EPSS Percentile is 0.48251 |
redos: CVE-2023-28433 was patched at 2024-08-07
50. Command Injection - Apache Traffic Server (CVE-2024-35161) - High [456]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.97 | 15 | Command Injection |
0.7 | 14 | The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid |
0.9 | 10 | CVSS Base Score is 9.1. According to NVD data source |
0.5 | 10 | EPSS Probability is 0.00125, EPSS Percentile is 0.47913 |
debian: CVE-2024-35161 was patched at 2024-08-01
51. Remote Code Execution - Mozilla Firefox (CVE-2024-7520) - High [454]
Description: A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.3041 |
almalinux: CVE-2024-7520 was patched at 2024-08-14, 2024-08-15
oraclelinux: CVE-2024-7520 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7520 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7520 was patched at 2024-08-19
52. Authentication Bypass - Mozilla Firefox (CVE-2024-7525) - High [451]
Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation |
0.9 | 10 | CVSS Base Score is 9.1. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00071, EPSS Percentile is 0.31455 |
almalinux: CVE-2024-7525 was patched at 2024-08-14, 2024-08-15
debian: CVE-2024-7525 was patched at 2024-08-07, 2024-08-08, 2024-08-21
oraclelinux: CVE-2024-7525 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7525 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7525 was patched at 2024-08-19
53. Code Injection - GLPI (CVE-2022-39323) - High [449]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.97 | 15 | Code Injection |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.7 | 10 | CVSS Base Score is 7.4. According to NVD data source |
0.5 | 10 | EPSS Probability is 0.00142, EPSS Percentile is 0.50717 |
redos: CVE-2022-39323 was patched at 2024-07-26
54. Command Injection - Apache Traffic Server (CVE-2023-38522) - High [444]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.97 | 15 | Command Injection |
0.7 | 14 | The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.5 | 10 | EPSS Probability is 0.00125, EPSS Percentile is 0.47913 |
debian: CVE-2023-38522 was patched at 2024-08-01
55. Authentication Bypass - Chromium (CVE-2024-6995) - High [439]
Description: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
debian: CVE-2024-6995 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6995 was patched at 2024-08-07
56. Authentication Bypass - GLPI (CVE-2023-34106) - High [439]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source |
0.4 | 10 | EPSS Probability is 0.00081, EPSS Percentile is 0.35553 |
redos: CVE-2023-34106 was patched at 2024-08-12
57. Authentication Bypass - GLPI (CVE-2023-34107) - High [439]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source |
0.4 | 10 | EPSS Probability is 0.00081, EPSS Percentile is 0.35553 |
redos: CVE-2023-34107 was patched at 2024-08-12
58. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21112) - High [434]
Description: Vulnerability in the
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00065, EPSS Percentile is 0.29543 |
redos: CVE-2024-21112 was patched at 2024-07-24
59. Memory Corruption - vim (CVE-2024-41965) - High [434]
Description: Vim is an open source command line text editor. A double-free exists in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
0.5 | 15 | Memory Corruption |
0.5 | 14 | Product detected by a:vim:vim (exists in CPE dict) |
0.4 | 10 | CVSS Base Score is 4.2. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-41965 was patched at 2024-08-21
60. Remote Code Execution - Chromium (CVE-2024-7256) - High [430]
Description: Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7256 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-7256 was patched at 2024-08-07
61. Security Feature Bypass - Chromium (CVE-2024-7005) - High [425]
Description: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.9 | 15 | Security Feature Bypass |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
debian: CVE-2024-7005 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-7005 was patched at 2024-08-07
62. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21109) - High [422]
Description: Vulnerability in the
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation |
0.6 | 10 | CVSS Base Score is 5.9. According to NVD data source |
0.5 | 10 | EPSS Probability is 0.00169, EPSS Percentile is 0.54458 |
redos: CVE-2024-21109 was patched at 2024-07-24
63. Code Injection - GLPI (CVE-2022-35946) - High [413]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.97 | 15 | Code Injection |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.27722 |
redos: CVE-2022-35946 was patched at 2024-07-26
64. Code Injection - PHP (CVE-2023-41884) - High [413]
Description: ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.97 | 15 | Code Injection |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
0.7 | 10 | CVSS Base Score is 7.1. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2023-41884 was patched at 2024-08-21
65. Command Injection - GLPI (CVE-2024-27098) - High [413]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.97 | 15 | Command Injection |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.6 | 10 | CVSS Base Score is 6.4. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.27078 |
redos: CVE-2024-27098 was patched at 2024-08-12
66. Security Feature Bypass - Mozilla Firefox (CVE-2024-7529) - High [413]
Description: The date picker could partially obscure security prompts. This could be used by a malicious site to
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.9 | 15 | Security Feature Bypass |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation |
0.8 | 10 | CVSS Base Score is 8.1. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00058, EPSS Percentile is 0.24811 |
almalinux: CVE-2024-7529 was patched at 2024-08-14, 2024-08-15
debian: CVE-2024-7529 was patched at 2024-08-07, 2024-08-08, 2024-08-21
oraclelinux: CVE-2024-7529 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7529 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7529 was patched at 2024-08-19
67. Code Injection - django (CVE-2024-42005) - High [411]
Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.97 | 15 | Code Injection |
0.5 | 14 | Product detected by a:djangoproject:django (exists in CPE dict) |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.3059 |
debian: CVE-2024-42005 was patched at 2024-08-21
ubuntu: CVE-2024-42005 was patched at 2024-08-06
68. Remote Code Execution - Linux Kernel (CVE-2024-42243) - High [411]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42243 was patched at 2024-08-21
69. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21121) - High [410]
Description: Vulnerability in the
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00065, EPSS Percentile is 0.29543 |
redos: CVE-2024-21121 was patched at 2024-07-24
70. Elevation of Privilege - Intel(R) Processor (CVE-2023-49141) - High [408]
Description: Improper isolation in some
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.85 | 15 | Elevation of Privilege |
0.9 | 14 | Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2023-49141 was patched at 2024-08-21
ubuntu: CVE-2023-49141 was patched at 2024-08-20
71. Security Feature Bypass - Apache Traffic Server (CVE-2024-35296) - High [408]
Description: Invalid Accept-Encoding header can cause
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid | |
0.8 | 10 | CVSS Base Score is 8.2. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.27265 |
debian: CVE-2024-35296 was patched at 2024-08-01
72. Cross Site Scripting - GLPI (CVE-2023-34244) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00083, EPSS Percentile is 0.35951 |
redos: CVE-2023-34244 was patched at 2024-08-12
73. Remote Code Execution - Newlib (CVE-2024-30949) - High [404]
Description: An issue in newlib v.4.3.0 allows an attacker to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Product detected by a:newlib_project:newlib (exists in CPE dict) | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-30949 was patched at 2024-08-21
74. Security Feature Bypass - Mozilla Firefox (CVE-2024-5692) - High [401]
Description: On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
redos: CVE-2024-5692 was patched at 2024-08-14
75. Security Feature Bypass - Node.js (CVE-2024-42461) - High [401]
Description: In the Elliptic package 6.5.6 for
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00091, EPSS Percentile is 0.39627 |
debian: CVE-2024-42461 was patched at 2024-08-21
76. Elevation of Privilege - Intel(R) Processor (CVE-2024-24853) - Medium [397]
Description: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.9 | 14 | Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings | |
0.7 | 10 | CVSS Base Score is 7.2. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-24853 was patched at 2024-08-21
ubuntu: CVE-2024-24853 was patched at 2024-08-20
77. Cross Site Scripting - GLPI (CVE-2023-22722) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 6.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00072, EPSS Percentile is 0.32046 |
redos: CVE-2023-22722 was patched at 2024-07-29
78. Information Disclosure - .NET and Visual Studio (CVE-2024-38167) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.7 | 14 | .NET and Visual Studio | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00092, EPSS Percentile is 0.39903 |
almalinux: CVE-2024-38167 was patched at 2024-08-13, 2024-08-15
oraclelinux: CVE-2024-38167 was patched at 2024-08-13
redhat: CVE-2024-38167 was patched at 2024-08-13, 2024-08-15
ubuntu: CVE-2024-38167 was patched at 2024-08-13
79. Denial of Service - Linux Kernel (CVE-2024-38384) - Medium [394]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 8.4. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
redhat: CVE-2024-38384 was patched at 2024-08-07
80. Remote Code Execution - Flask (CVE-2024-32484) - Medium [392]
Description: A reflected XSS vulnerability exists in the handling of invalid paths in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Flask is a lightweight WSGI web application framework | |
0.7 | 10 | CVSS Base Score is 7.4. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00087, EPSS Percentile is 0.37703 |
debian: CVE-2024-32484 was patched at 2024-08-01
81. Remote Code Execution - Asterisk (CVE-2024-42365) - Medium [390]
Description: Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Asterisk is an open source private branch exchange (PBX) and telephony toolkit | |
0.7 | 10 | CVSS Base Score is 7.4. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-42365 was patched at 2024-08-21
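The description of CVE-2024-42365 above turns on one AMI permission: any manager account whose `write` class includes `originate` can rewrite files under `/etc/asterisk/` on unpatched versions. Before and after patching, the practical check is an inventory of which accounts hold that permission, whether granted directly or through `all`. The Python below is added here as an example; it is not part of the report, of Asterisk, or of the advisory, and it reads a constructed `manager.conf` rather than a real one. It handles only `[section]` headers and `key = value` lines with `;` comments, not Asterisk templates or `#include`, which is an assumption about the files it will be pointed at.

```python
import re

# Constructed sample of Asterisk's manager.conf (not from any real deployment).
SAMPLE_MANAGER_CONF = """\
[general]
enabled = yes
port = 5038
bindaddr = 127.0.0.1

[monitor]          ; read-only dashboard account
secret = s3cret
read = system,call,log
write =

[dialer]           ; click-to-dial integration
secret = s3cret
read = call
write = originate,call
permit = 10.0.0.0/255.0.0.0

[admin]
secret = s3cret
read = all
write = all
"""

SECTION = re.compile(r"^\[([^\]]+)\]")


def parse_manager_conf(text):
    """Minimal manager.conf reader: [section] headers and key = value lines,
    ';' comments stripped. Assumption: no templates or #include directives."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def perms(value):
    """Split an AMI permission list such as 'originate,call' into a set."""
    return {p.strip().lower() for p in value.split(",") if p.strip()}


def users_with_originate_write(sections):
    """AMI accounts whose write permission grants 'originate', directly or via 'all'."""
    hits = []
    for name, opts in sections.items():
        if name == "general":
            continue
        if perms(opts.get("write", "")) & {"originate", "all"}:
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    conf = parse_manager_conf(SAMPLE_MANAGER_CONF)
    print("accounts with originate write access:", users_with_originate_write(conf))
```

Point `parse_manager_conf` at the contents of `/etc/asterisk/manager.conf`; every account it reports is one the advisory's condition applies to, so the list is the set of credentials to rotate or restrict if the host ran an affected version.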
82. Code Injection - GLPI (CVE-2022-39375) - Medium [389]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Code Injection | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.5 | 10 | CVSS Base Score is 4.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.23505 |
redos: CVE-2022-39375 was patched at 2024-07-26
83. Incorrect Calculation - Mozilla Firefox (CVE-2024-7521) - Medium [389]
Description: Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Incorrect Calculation | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.36556 |
almalinux: CVE-2024-7521 was patched at 2024-08-14, 2024-08-15
debian: CVE-2024-7521 was patched at 2024-08-07, 2024-08-08, 2024-08-21
oraclelinux: CVE-2024-7521 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7521 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7521 was patched at 2024-08-19
84. Memory Corruption - Mozilla Firefox (CVE-2024-7530) - Medium [389]
Description: Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00091, EPSS Percentile is 0.39627 |
ubuntu: CVE-2024-7530 was patched at 2024-08-19
85. Cross Site Scripting - GLPI (CVE-2022-24868) - Medium [383]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 7.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.20133 |
redos: CVE-2022-24868 was patched at 2024-07-26
86. Cross Site Scripting - GLPI (CVE-2022-31187) - Medium [383]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 6.8. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.20133 |
redos: CVE-2022-31187 was patched at 2024-07-26
87. Cross Site Scripting - GLPI (CVE-2022-35945) - Medium [383]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.6 | 10 | CVSS Base Score is 6.3. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26886 |
redos: CVE-2022-35945 was patched at 2024-07-26
88. Cross Site Scripting - GLPI (CVE-2022-39181) - Medium [383]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00072, EPSS Percentile is 0.32046 |
redos: CVE-2022-39181 was patched at 2024-07-29
89. Cross Site Scripting - GLPI (CVE-2024-23645) - Medium [383]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.21091 |
redos: CVE-2024-23645 was patched at 2024-08-12
90. Cross Site Scripting - Safari (CVE-2024-40785) - Medium [383]
Description: This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00073, EPSS Percentile is 0.32468 |
debian: CVE-2024-40785 was patched at 2024-08-21
91. Authentication Bypass - Chromium (CVE-2024-6999) - Medium [379]
Description: Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
debian: CVE-2024-6999 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6999 was patched at 2024-08-07
92. Authentication Bypass - Chromium (CVE-2024-7001) - Medium [379]
Description: Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
debian: CVE-2024-7001 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-7001 was patched at 2024-08-07
93. Authentication Bypass - Chromium (CVE-2024-7003) - Medium [379]
Description: Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
debian: CVE-2024-7003 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-7003 was patched at 2024-08-07
94. Authentication Bypass - GLPI (CVE-2022-39370) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.23505 |
redos: CVE-2022-39370 was patched at 2024-07-26
95. Security Feature Bypass - Python (CVE-2024-41671) - Medium [379]
Description: Twisted is an event-based framework for internet applications, supporting
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.8 | 10 | CVSS Base Score is 8.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-41671 was patched at 2024-08-01
96. Command Injection - GLPI (CVE-2022-36112) - Medium [377]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Command Injection | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.3 | 10 | CVSS Base Score is 3.5. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26886 |
redos: CVE-2022-36112 was patched at 2024-07-26
97. Denial of Service - GLPI (CVE-2023-23610) - Medium [377]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00065, EPSS Percentile is 0.29102 |
redos: CVE-2023-23610 was patched at 2024-07-29
98. Memory Corruption - Mozilla Firefox (CVE-2024-7522) - Medium [377]
Description: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.9 | 10 | CVSS Base Score is 9.1. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.0008, EPSS Percentile is 0.3501 |
almalinux: CVE-2024-7522 was patched at 2024-08-14, 2024-08-15
debian: CVE-2024-7522 was patched at 2024-08-07, 2024-08-08, 2024-08-21
oraclelinux: CVE-2024-7522 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7522 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7522 was patched at 2024-08-19
99. Memory Corruption - Mozilla Firefox (CVE-2024-7527) - Medium [377]
Description: Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.36556 |
almalinux: CVE-2024-7527 was patched at 2024-08-14, 2024-08-15
debian: CVE-2024-7527 was patched at 2024-08-07, 2024-08-08, 2024-08-21
oraclelinux: CVE-2024-7527 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7527 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7527 was patched at 2024-08-19
100. Memory Corruption - Mozilla Firefox (CVE-2024-7528) - Medium [377]
Description: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.3041 |
almalinux: CVE-2024-7528 was patched at 2024-08-14, 2024-08-15
oraclelinux: CVE-2024-7528 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7528 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7528 was patched at 2024-08-19
101. Security Feature Bypass - Zabbix (CVE-2024-22121) - Medium [377]
Description: A non-admin user can change or remove important features within the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services | |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-22121 was patched at 2024-08-21
102. Information Disclosure - GLPI (CVE-2022-31143) - Medium [376]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26886 |
redos: CVE-2022-31143 was patched at 2024-07-26
103. Authentication Bypass - Kubernetes (CVE-2024-5321) - Medium [375]
Description: A security issue was discovered in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.7 | 14 | Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management | |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-5321 was patched at 2024-07-29
104. Security Feature Bypass - Oracle VM VirtualBox (CVE-2024-21106) - Medium [372]
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-21106 was patched at 2024-07-24
105. Cross Site Scripting - GLPI (CVE-2022-24869) - Medium [371]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.5 | 10 | CVSS Base Score is 4.6. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00073, EPSS Percentile is 0.32398 |
redos: CVE-2022-24869 was patched at 2024-07-26
106. Cross Site Scripting - GLPI (CVE-2022-41941) - Medium [371]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.6 | 10 | CVSS Base Score is 6.2. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.23505 |
redos: CVE-2022-41941 was patched at 2024-07-29
107. Cross Site Scripting - GLPI (CVE-2023-22725) - Medium [371]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.6 | 10 | CVSS Base Score is 6.2. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.23505 |
redos: CVE-2023-22725 was patched at 2024-07-29
108. Elevation of Privilege - wpa_supplicant (CVE-2024-5290) - Medium [370]
Description: An issue was discovered in Ubuntu
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.6 | 14 | wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-5290 was patched at 2024-08-06, 2024-08-21
ubuntu: CVE-2024-5290 was patched at 2024-08-06
109. Remote Code Execution - assimp (CVE-2024-40724) - Medium [369]
Description: Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Product detected by a:assimp:assimp (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 8.4. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-40724 was patched at 2024-08-01
redos: CVE-2024-40724 was patched at 2024-08-07
110. Remote Code Execution - ofono (CVE-2024-7543) - Medium [369]
Description: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Product detected by a:ofono_project:ofono (does NOT exist in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7543 was patched at 2024-08-21
111. Remote Code Execution - ofono (CVE-2024-7544) - Medium [369]
Description: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Product detected by a:ofono_project:ofono (does NOT exist in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7544 was patched at 2024-08-21
112. Remote Code Execution - ofono (CVE-2024-7545) - Medium [369]
Description: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Product detected by a:ofono_project:ofono (does NOT exist in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7545 was patched at 2024-08-21
113. Remote Code Execution - ofono (CVE-2024-7547) - Medium [369]
Description: oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Product detected by a:ofono_project:ofono (does NOT exist in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7547 was patched at 2024-08-21
114. Code Injection - Python (CVE-2024-6923) - Medium [368]
Description: There is a MEDIUM severity vulnerability affecting C
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Code Injection | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-6923 was patched at 2024-08-21
115. Information Disclosure - Roundcube (CVE-2024-42010) - Medium [367]
Description: mod_css_styles in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.6 | 14 | Roundcube is a web-based IMAP email client | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-42010 was patched at 2024-08-08, 2024-08-13, 2024-08-21
116. Authentication Bypass - TLS (CVE-2024-2048) - Medium [365]
Description: Vault and Vault Enterprise (“Vault”)
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.5 | 14 | TLS | |
0.8 | 10 | CVSS Base Score is 8.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-2048 was patched at 2024-08-05
117. Denial of Service - Mozilla Firefox (CVE-2024-7518) - Medium [365]
Description: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.22581 |
almalinux: CVE-2024-7518 was patched at 2024-08-14, 2024-08-15
oraclelinux: CVE-2024-7518 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7518 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7518 was patched at 2024-08-19
118. Memory Corruption - Chromium (CVE-2024-6988) - Medium [365]
Description: Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-6988 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6988 was patched at 2024-08-07
119. Memory Corruption - Chromium (CVE-2024-6989) - Medium [365]
Description: Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-6989 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6989 was patched at 2024-08-07
120. Memory Corruption - Chromium (CVE-2024-6990) - Medium [365]
Description: Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-6990 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6990 was patched at 2024-08-07
121. Memory Corruption - Chromium (CVE-2024-6991) - Medium [365]
Description: Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-6991 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6991 was patched at 2024-08-07
122. Memory Corruption - Chromium (CVE-2024-6994) - Medium [365]
Description: Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-6994 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6994 was patched at 2024-08-07
123. Memory Corruption - Chromium (CVE-2024-6997) - Medium [365]
Description: Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-6997 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6997 was patched at 2024-08-07
124. Memory Corruption - Chromium (CVE-2024-6998) - Medium [365]
Description: Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-6998 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6998 was patched at 2024-08-07
125. Memory Corruption - Chromium (CVE-2024-7000) - Medium [365]
Description: Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-7000 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-7000 was patched at 2024-08-07
126. Memory Corruption - Chromium (CVE-2024-7255) - Medium [365]
Description: Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-7255 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-7255 was patched at 2024-08-07
127. Memory Corruption - Chromium (CVE-2024-7532) - Medium [365]
Description: Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-7532 was patched at 2024-08-08, 2024-08-21
redos: CVE-2024-7532 was patched at 2024-08-15
128. Memory Corruption - Chromium (CVE-2024-7533) - Medium [365]
Description: Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-7533 was patched at 2024-08-08, 2024-08-21
129. Memory Corruption - Chromium (CVE-2024-7534) - Medium [365]
Description: Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-7534 was patched at 2024-08-08, 2024-08-21
redos: CVE-2024-7534 was patched at 2024-08-15
130. Memory Corruption - Chromium (CVE-2024-7535) - Medium [365]
Description: Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-7535 was patched at 2024-08-08, 2024-08-21
redos: CVE-2024-7535 was patched at 2024-08-15
131. Memory Corruption - Chromium (CVE-2024-7536) - Medium [365]
Description: Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-7536 was patched at 2024-08-08, 2024-08-21
redos: CVE-2024-7536 was patched at 2024-08-15
132. Memory Corruption - Chromium (CVE-2024-7550) - Medium [365]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.26915 |
debian: CVE-2024-7550 was patched at 2024-08-08, 2024-08-21
redos: CVE-2024-7550 was patched at 2024-08-15
133. Memory Corruption - Mozilla Firefox (CVE-2024-7519) - Medium [365]
Description: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00079, EPSS Percentile is 0.34904 |
almalinux: CVE-2024-7519 was patched at 2024-08-14, 2024-08-15
debian: CVE-2024-7519 was patched at 2024-08-07, 2024-08-08, 2024-08-21
oraclelinux: CVE-2024-7519 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7519 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7519 was patched at 2024-08-19
134. Memory Corruption - Safari (CVE-2024-40782) - Medium [365]
Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17805 |
debian: CVE-2024-40782 was patched at 2024-08-21
135. Security Feature Bypass - Chromium (CVE-2024-7004) - Medium [365]
Description: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
debian: CVE-2024-7004 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-7004 was patched at 2024-08-07
136. Security Feature Bypass - Node.js (CVE-2024-42459) - Medium [365]
Description: In the Elliptic package 6.5.6 for
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-42459 was patched at 2024-08-21
137. Denial of Service - BIND (CVE-2024-0760) - Medium [360]
Description: A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | BIND is a suite of software for interacting with the Domain Name System | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.1958 |
debian: CVE-2024-0760 was patched at 2024-08-01
redos: CVE-2024-0760 was patched at 2024-08-07
ubuntu: CVE-2024-0760 was patched at 2024-07-23
138. Denial of Service - BIND (CVE-2024-1737) - Medium [360]
Description: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | BIND is a suite of software for interacting with the Domain Name System | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.21016 |
almalinux: CVE-2024-1737 was patched at 2024-08-14, 2024-08-19
debian: CVE-2024-1737 was patched at 2024-07-25, 2024-08-01
oraclelinux: CVE-2024-1737 was patched at 2024-08-13, 2024-08-14, 2024-08-19
redhat: CVE-2024-1737 was patched at 2024-08-14, 2024-08-15, 2024-08-19, 2024-08-20
redos: CVE-2024-1737 was patched at 2024-08-07
ubuntu: CVE-2024-1737 was patched at 2024-07-23, 2024-08-01, 2024-08-15
139. Denial of Service - BIND (CVE-2024-1975) - Medium [360]
Description: If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | BIND is a suite of software for interacting with the Domain Name System | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.1958 |
almalinux: CVE-2024-1975 was patched at 2024-08-14, 2024-08-19
debian: CVE-2024-1975 was patched at 2024-07-25, 2024-08-01
oraclelinux: CVE-2024-1975 was patched at 2024-08-13, 2024-08-14, 2024-08-19
redhat: CVE-2024-1975 was patched at 2024-08-14, 2024-08-15, 2024-08-19, 2024-08-20
redos: CVE-2024-1975 was patched at 2024-08-07
ubuntu: CVE-2024-1975 was patched at 2024-07-23, 2024-08-01, 2024-08-15
140. Denial of Service - BIND (CVE-2024-4076) - Medium [360]
Description: Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | BIND is a suite of software for interacting with the Domain Name System | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
almalinux: CVE-2024-4076 was patched at 2024-08-14
debian: CVE-2024-4076 was patched at 2024-07-25, 2024-08-01
oraclelinux: CVE-2024-4076 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-4076 was patched at 2024-08-14, 2024-08-15, 2024-08-19
redhat: CVE-2024-40767 was patched at 2024-08-07, 2024-08-08
redos: CVE-2024-4076 was patched at 2024-08-07
ubuntu: CVE-2024-4076 was patched at 2024-07-23
ubuntu: CVE-2024-40767 was patched at 2024-07-23
141. Cross Site Scripting - GLPI (CVE-2024-27914) - Medium [359]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
redos: CVE-2024-27914 was patched at 2024-08-12
142. Denial of Service - Linux Kernel (CVE-2024-36932) - Medium [358]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
ubuntu: CVE-2024-36932 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
143. Denial of Service - Linux Kernel (CVE-2024-42082) - Medium [358]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42082 was patched at 2024-08-01
144. Denial of Service - Linux Kernel (CVE-2024-42240) - Medium [358]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42240 was patched at 2024-08-21
145. Denial of Service - Linux Kernel (CVE-2024-42241) - Medium [358]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42241 was patched at 2024-08-21
146. Denial of Service - Linux Kernel (CVE-2024-42246) - Medium [358]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42246 was patched at 2024-08-21
147. Denial of Service - Linux Kernel (CVE-2024-42247) - Medium [358]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42247 was patched at 2024-08-12, 2024-08-21
148. Denial of Service - Linux Kernel (CVE-2024-42258) - Medium [358]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42258 was patched at 2024-08-21
149. Memory Corruption - Linux Kernel (CVE-2024-41058) - Medium [358]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-41058 was patched at 2024-08-01
150. Code Injection - Zabbix (CVE-2024-22123) - Medium [354]
Description: Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Code Injection | |
0.8 | 14 | Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services | |
0.3 | 10 | CVSS Base Score is 2.7. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-22123 was patched at 2024-08-21
151. Command Injection - Zabbix (CVE-2024-22122) - Medium [354]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Command Injection | |
0.8 | 14 | Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services | |
0.3 | 10 | CVSS Base Score is 3.0. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-22122 was patched at 2024-08-21
152. Denial of Service - GLPI (CVE-2024-28241) - Medium [353]
Description: The
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.7 | 10 | CVSS Base Score is 7.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-28241 was patched at 2024-08-12
153. Security Feature Bypass - GLPI (CVE-2022-39376) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system | |
0.3 | 10 | CVSS Base Score is 2.6. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.23505 |
redos: CVE-2022-39376 was patched at 2024-07-26
154. Security Feature Bypass - PHP (CVE-2024-41811) - Medium [353]
Description: ipl/web is a set of common web components for
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.4 | 10 | CVSS Base Score is 3.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-41811 was patched at 2024-08-21
155. Remote Code Execution - Git (CVE-2024-6873) - Medium [352]
Description: It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.4 | 14 | Git | |
0.8 | 10 | CVSS Base Score is 8.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-6873 was patched at 2024-08-21
156. Remote Code Execution - Linux Kernel (CVE-2024-43823) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-43823 was patched at 2024-08-21
157. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42154) - Medium [352]
Description: In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length. I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.7 | 10 | EPSS Probability is 0.00378, EPSS Percentile is 0.73283 |
debian: CVE-2024-42154 was patched at 2024-08-01, 2024-08-12
158. Security Feature Bypass - TLS (CVE-2024-7383) - Medium [351]
Description: A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | TLS | |
0.7 | 10 | CVSS Base Score is 7.4. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-7383 was patched at 2024-08-21
159. Denial of Service - Envoy (CVE-2024-32475) - Medium [348]
Description: Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Envoy is a cloud-native, open-source edge and service proxy | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-32475 was patched at 2024-08-05
160. Denial of Service - QEMU (CVE-2024-7409) - Medium [348]
Description: A flaw was found in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | QEMU is a generic and open source machine & userspace emulator and virtualizer | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7409 was patched at 2024-08-21
161. Security Feature Bypass - Oracle MySQL (CVE-2024-20996) - Medium [348]
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-20996 was patched at 2024-07-31
162. Security Feature Bypass - Oracle MySQL (CVE-2024-21125) - Medium [348]
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21125 was patched at 2024-07-31
163. Security Feature Bypass - Oracle MySQL (CVE-2024-21129) - Medium [348]
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21129 was patched at 2024-07-31
164. Security Feature Bypass - Oracle MySQL (CVE-2024-21130) - Medium [348]
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21130 was patched at 2024-07-31
165. Memory Corruption - Linux Kernel (CVE-2024-27394) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 8.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
ubuntu: CVE-2024-27394 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
166. Memory Corruption - Linux Kernel (CVE-2024-41087) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-41087 was patched at 2024-08-01
167. Memory Corruption - Linux Kernel (CVE-2024-41092) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-41092 was patched at 2024-08-01
168. Memory Corruption - Linux Kernel (CVE-2024-41096) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-41096 was patched at 2024-08-01
169. Memory Corruption - Linux Kernel (CVE-2024-42271) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42271 was patched at 2024-08-21
170. Memory Corruption - Linux Kernel (CVE-2024-42284) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42284 was patched at 2024-08-21
171. Memory Corruption - Linux Kernel (CVE-2024-42285) - Medium [346]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42285 was patched at 2024-08-21
172. Remote Code Execution - Unknown Product (CVE-2024-26020) - Medium [345]
Description: An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to arbitrary code execution. An attacker can send a malicious flashcard to trigger this vulnerability.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
1.0 | 10 | CVSS Base Score is 9.6. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00091, EPSS Percentile is 0.39627 |
debian: CVE-2024-26020 was patched at 2024-08-01
173. Security Feature Bypass - Perl (CVE-2024-29068) - Medium [344]
Description: In snapd versions prior to 2.62, snapd failed to pro
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.6 | 10 | CVSS Base Score is 5.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-29068 was patched at 2024-08-01
ubuntu: CVE-2024-29068 was patched at 2024-08-01
174. Elevation of Privilege - Virtual GPU (CVE-2024-0084) - Medium [342]
Description: NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Product detected by a:nvidia:virtual_gpu (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-0084 was patched at 2024-08-07
175. Memory Corruption - Zabbix (CVE-2024-36461) - Medium [341]
Description: Within
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services | |
0.9 | 10 | CVSS Base Score is 9.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-36461 was patched at 2024-08-21
176. Denial of Service - django (CVE-2023-46695) - Medium [339]
Description: An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.7 | 15 | Denial of Service |
0.5 | 14 | Product detected by a:djangoproject:django (exists in CPE dict) |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00064, EPSS Percentile is 0.28694 |
redos: CVE-2023-46695 was patched at 2024-07-30
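The Django entry above describes the failure mode precisely: the username field normalizes its input with NFKC before anything checks the length, so an attacker can submit a very long Unicode string and make the server burn CPU in normalization that can never produce a valid value. The code below is an added example, not Django's own code; it shows the vulnerable ordering next to the hardened one. The hardened version bounds the length before normalizing and checks it again afterwards, because compatibility normalization can expand a string (U+FB00 "ﬀ" becomes "ff"). The 150-character limit is an assumption chosen for illustration, and the code-point counter is instrumentation added only to make the difference measurable.

```python
"""Normalize-then-validate versus validate-then-normalize for a username field."""
import unicodedata

# Assumption: a 150-character limit, chosen for illustration.
MAX_USERNAME_LENGTH = 150

# Instrumentation only: how many code points were handed to NFKC by the last call.
NORMALIZED_CODEPOINTS = 0


def _nfkc(value: str) -> str:
    """NFKC normalization with a counter so the cost of each strategy is visible."""
    global NORMALIZED_CODEPOINTS
    NORMALIZED_CODEPOINTS += len(value)
    return unicodedata.normalize("NFKC", value)


def clean_username_vulnerable(value: str, max_length: int = MAX_USERNAME_LENGTH) -> str:
    """The ordering the advisory describes: every byte of attacker input goes
    through NFKC before the length check has a chance to reject it."""
    normalized = _nfkc(value)
    if len(normalized) > max_length:
        raise ValueError("username too long")
    return normalized


def clean_username(value: str, max_length: int = MAX_USERNAME_LENGTH) -> str:
    """Hardened ordering: bound the work before doing it.

    1. Reject input that is already over the limit; NFKC never sees it.
    2. Normalize the now-bounded string.
    3. Re-check the length, because compatibility normalization can expand
       text (one ligature becomes two letters), so step 1 alone is not enough.
    """
    if len(value) > max_length:
        raise ValueError("username too long (rejected before normalization)")
    normalized = _nfkc(value)
    if len(normalized) > max_length:
        raise ValueError("username too long (after NFKC expansion)")
    return normalized


def work_reaching_nfkc(cleaner, value: str) -> int:
    """Run `cleaner` on `value` and report how many code points reached NFKC."""
    global NORMALIZED_CODEPOINTS
    NORMALIZED_CODEPOINTS = 0
    try:
        cleaner(value)
    except ValueError:
        pass
    return NORMALIZED_CODEPOINTS


if __name__ == "__main__":
    hostile = "\u00e4" * 100_000  # constructed: 100k non-ASCII characters, never a valid username
    print("vulnerable ordering normalized", work_reaching_nfkc(clean_username_vulnerable, hostile), "code points")
    print("hardened ordering normalized ", work_reaching_nfkc(clean_username, hostile), "code points")
    print("ligature input expands:", clean_username("\ufb00oo"))
```

The same ordering applies to any expensive canonicalization step on untrusted input (Unicode normalization, IDNA encoding, regex-based cleanup): decide whether the input can possibly be valid using a cheap check first, and keep a second check after the transformation for anything the transformation can grow.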
177. Denial of Service - Oracle MySQL (CVE-2024-21171) - Medium [336]
Description: Vulnerability in the MySQL Server product of
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.7 | 15 | Denial of Service |
0.7 | 14 | MySQL is an open-source relational database management system |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21171 was patched at 2024-07-31
178. Denial of Service - Oracle MySQL (CVE-2024-21177) - Medium [336]
Description: Vulnerability in the MySQL Server product of
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.7 | 15 | Denial of Service |
0.7 | 14 | MySQL is an open-source relational database management system |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21177 was patched at 2024-07-31
179. Cross Site Scripting - GLPI (CVE-2022-39372) - Medium [335]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.8 | 15 | Cross Site Scripting |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.3 | 10 | CVSS Base Score is 3.5. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.23505 |
redos: CVE-2022-39372 was patched at 2024-07-26
180. Memory Corruption - Linux Kernel (CVE-2024-36888) - Medium [334]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 6.2. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
ubuntu: CVE-2024-36888 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
181. Security Feature Bypass - LibreOffice (CVE-2024-6472) - Medium [334]
Description: Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been di
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.9 | 15 | Security Feature Bypass |
0.4 | 14 | Git (the report's product detection; the advisory text above describes LibreOffice, and the distribution patches for CVE-2024-6472 are LibreOffice updates) |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
almalinux: CVE-2024-6472 was patched at 2024-08-19, 2024-08-20
debian: CVE-2024-6472 was patched at 2024-08-05, 2024-08-21
oraclelinux: CVE-2024-6472 was patched at 2024-08-20
redhat: CVE-2024-6472 was patched at 2024-08-19, 2024-08-20, 2024-08-21
ubuntu: CVE-2024-6472 was patched at 2024-08-15
182. Denial of Service - Vault (CVE-2023-6337) - Medium [327]
Description: HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.7 | 15 | Denial of Service |
0.5 | 14 | Product detected by a:hashicorp:vault (exists in CPE dict) |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
redos: CVE-2023-6337 was patched at 2024-08-05
183. Denial of Service - django (CVE-2024-41990) - Medium [327]
Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.7 | 15 | Denial of Service |
0.5 | 14 | Product detected by a:djangoproject:django (exists in CPE dict) |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.21936 |
debian: CVE-2024-41990 was patched at 2024-08-21
ubuntu: CVE-2024-41990 was patched at 2024-08-06
184. Denial of Service - django (CVE-2024-41991) - Medium [327]
Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.7 | 15 | Denial of Service |
0.5 | 14 | Product detected by a:djangoproject:django (exists in CPE dict) |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.21936 |
debian: CVE-2024-41991 was patched at 2024-08-21
ubuntu: CVE-2024-41991 was patched at 2024-08-06
185. Cross Site Scripting - Python (CVE-2024-41810) - Medium [326]
Description: Twisted is an event-based framework for internet applications, supporting
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.8 | 15 | Cross Site Scripting |
0.6 | 14 | Python is a high-level, general-purpose programming language |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-41810 was patched at 2024-08-01
186. Information Disclosure - openstack-heat (CVE-2024-7319) - Medium [326]
Description: An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.83 | 15 | Information Disclosure |
0.5 | 14 | HID (the report's product detection; the advisory text above describes openstack-heat) |
0.7 | 10 | CVSS Base Score is 7.4. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7319 was patched at 2024-08-21
187. Denial of Service - Oracle MySQL (CVE-2024-21163) - Medium [324]
Description: Vulnerability in the MySQL Server product of
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.7 | 15 | Denial of Service |
0.7 | 14 | MySQL is an open-source relational database management system |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21163 was patched at 2024-07-31
188. Security Feature Bypass - Oracle VM VirtualBox (CVE-2024-21108) - Medium [324]
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.9 | 15 | Security Feature Bypass |
0.7 | 14 | Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation |
0.3 | 10 | CVSS Base Score is 3.3. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-21108 was patched at 2024-07-24
189. Incorrect Calculation - Linux Kernel (CVE-2024-42066) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Incorrect Calculation |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-42066 was patched at 2024-08-01
190. Incorrect Calculation - Linux Kernel (CVE-2024-42102) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Incorrect Calculation |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-42102 was patched at 2024-08-01, 2024-08-12
191. Incorrect Calculation - Linux Kernel (CVE-2024-42223) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Incorrect Calculation |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42223 was patched at 2024-08-01, 2024-08-12
192. Memory Corruption - Linux Kernel (CVE-2023-52471) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
almalinux: CVE-2023-52471 was patched at 2024-08-08
oraclelinux: CVE-2023-52471 was patched at 2024-08-08
redhat: CVE-2023-52471 was patched at 2024-08-08
193. Memory Corruption - Linux Kernel (CVE-2023-52889) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2023-52889 was patched at 2024-08-21
194. Memory Corruption - Linux Kernel (CVE-2024-36884) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
ubuntu: CVE-2024-36884 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
195. Memory Corruption - Linux Kernel (CVE-2024-36925) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
ubuntu: CVE-2024-36925 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
196. Memory Corruption - Linux Kernel (CVE-2024-38563) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
ubuntu: CVE-2024-38563 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
197. Memory Corruption - Linux Kernel (CVE-2024-41038) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-41038 was patched at 2024-08-01
198. Memory Corruption - Linux Kernel (CVE-2024-41089) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-41089 was patched at 2024-08-01
199. Memory Corruption - Linux Kernel (CVE-2024-41093) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-41093 was patched at 2024-08-01
200. Memory Corruption - Linux Kernel (CVE-2024-41095) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-41095 was patched at 2024-08-01
201. Memory Corruption - Linux Kernel (CVE-2024-41098) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-41098 was patched at 2024-08-01
202. Memory Corruption - Linux Kernel (CVE-2024-42065) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-42065 was patched at 2024-08-01
203. Memory Corruption - Linux Kernel (CVE-2024-42073) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42073 was patched at 2024-08-01
204. Memory Corruption - Linux Kernel (CVE-2024-42079) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42079 was patched at 2024-08-01
205. Memory Corruption - Linux Kernel (CVE-2024-42080) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42080 was patched at 2024-08-01
206. Memory Corruption - Linux Kernel (CVE-2024-42081) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-42081 was patched at 2024-08-01
207. Memory Corruption - Linux Kernel (CVE-2024-42232) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42232 was patched at 2024-08-12, 2024-08-21
208. Memory Corruption - Linux Kernel (CVE-2024-42236) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42236 was patched at 2024-08-12, 2024-08-21
209. Memory Corruption - Linux Kernel (CVE-2024-42238) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42238 was patched at 2024-08-21
210. Memory Corruption - Linux Kernel (CVE-2024-42269) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42269 was patched at 2024-08-21
211. Memory Corruption - Linux Kernel (CVE-2024-42270) - Medium [322]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42270 was patched at 2024-08-21
212. Security Feature Bypass - Oracle Java SE (CVE-2024-20923) - Medium [320]
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.9 | 15 | Security Feature Bypass |
0.6 | 14 | Oracle Java SE |
0.3 | 10 | CVSS Base Score is 3.1. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
redos: CVE-2024-20923 was patched at 2024-08-20
213. Security Feature Bypass - Oracle Java SE (CVE-2024-20925) - Medium [320]
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | Oracle Java SE | |
0.3 | 10 | CVSS Base Score is 3.1. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
redos: CVE-2024-20925 was patched at 2024-08-20
214. Information Disclosure - Python (CVE-2024-40647) - Medium [319]
Description: sentry-sdk is the official
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-40647 was patched at 2024-08-01
215. Elevation of Privilege - Virtual GPU (CVE-2024-0085) - Medium [318]
Description: NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Product detected by a:nvidia:virtual_gpu (exists in CPE dict) | |
0.6 | 10 | CVSS Base Score is 6.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-0085 was patched at 2024-08-07
216. Memory Corruption - Safari (CVE-2024-40776) - Medium [317]
Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00108, EPSS Percentile is 0.44456 |
debian: CVE-2024-40776 was patched at 2024-08-21
217. Memory Corruption - Safari (CVE-2024-40779) - Medium [317]
Description: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.1885 |
debian: CVE-2024-40779 was patched at 2024-08-21
218. Memory Corruption - Safari (CVE-2024-40780) - Medium [317]
Description: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.1885 |
debian: CVE-2024-40780 was patched at 2024-08-21
219. Code Injection - Unknown Product (CVE-2024-43360) - Medium [316]
Description: ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Code Injection | |
0 | 14 | Unknown Product | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-43360 was patched at 2024-08-21
220. Denial of Service - TLS (CVE-2024-5971) - Medium [315]
Description: A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | TLS | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
redhat: CVE-2024-5971 was patched at 2024-08-08
221. Denial of Service - Oracle MySQL (CVE-2024-21127) - Medium [313]
Description: Vulnerability in the MySQL Server product of
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21127 was patched at 2024-07-31
222. Denial of Service - Oracle MySQL (CVE-2024-21142) - Medium [313]
Description: Vulnerability in the MySQL Server product of
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21142 was patched at 2024-07-31
223. Denial of Service - Oracle MySQL (CVE-2024-21162) - Medium [313]
Description: Vulnerability in the MySQL Server product of
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21162 was patched at 2024-07-31
224. Denial of Service - Oracle MySQL (CVE-2024-21165) - Medium [313]
Description: Vulnerability in the MySQL Server product of
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21165 was patched at 2024-07-31
225. Denial of Service - Oracle MySQL (CVE-2024-21173) - Medium [313]
Description: Vulnerability in the MySQL Server product of
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21173 was patched at 2024-07-31
226. Denial of Service - Oracle MySQL (CVE-2024-21179) - Medium [313]
Description: Vulnerability in the MySQL Server product of
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21179 was patched at 2024-07-31
227. Denial of Service - Oracle MySQL (CVE-2024-21185) - Medium [313]
Description: Vulnerability in the MySQL Server product of
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21185 was patched at 2024-07-31
228. Denial of Service - vim (CVE-2024-41957) - Medium [313]
Description: Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Vim is a free and open-source, screen-based text editor program | |
0.5 | 10 | CVSS Base Score is 4.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13333 |
debian: CVE-2024-41957 was patched at 2024-08-21
229. Memory Corruption - Linux Kernel (CVE-2024-42227) - Medium [310]
Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dml_core_mode_programming. [WHY] &mode_lib->mp.Watermark and &locals->Watermark are the same address. memcpy may lead to unexpected behavior. [HOW] memmove should be used.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.5 | 10 | CVSS Base Score is 4.7. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-42227 was patched at 2024-08-01
230. Remote Code Execution - Unknown Product (CVE-2024-22116) - Medium [309]
Description: An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
1.0 | 10 | CVSS Base Score is 9.9. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-22116 was patched at 2024-08-21
231. Remote Code Execution - Unknown Product (CVE-2024-5651) - Medium [309]
Description: A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-5651 was patched at 2024-08-21
232. Path Traversal - Python (CVE-2024-42367) - Medium [308]
Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Path Traversal | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.5 | 10 | CVSS Base Score is 4.8. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-42367 was patched at 2024-08-21
233. Security Feature Bypass - Oracle Java SE (CVE-2024-20922) - Medium [308]
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | Oracle Java SE | |
0.2 | 10 | CVSS Base Score is 2.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.19696 |
redos: CVE-2024-20922 was patched at 2024-08-20
234. Denial of Service - Consul (CVE-2023-1297) - Medium [303]
Description: Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Product detected by a:hashicorp:consul (exists in CPE dict) | |
0.5 | 10 | CVSS Base Score is 4.9. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00078, EPSS Percentile is 0.34546 |
redos: CVE-2023-1297 was patched at 2024-08-05
235. Denial of Service - NVIDIA GPU Display Driver (CVE-2024-0079) - Medium [303]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | A NVIDIA driver is a software program that enables communication between your computer and the NVIDIA graphics processor installed in your system | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-0079 was patched at 2024-08-07
236. Denial of Service - Vault (CVE-2023-5954) - Medium [303]
Description: HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Product detected by a:hashicorp:vault (exists in CPE dict) | |
0.6 | 10 | CVSS Base Score is 5.9. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
redos: CVE-2023-5954 was patched at 2024-08-05
237. Denial of Service - libtiff (CVE-2024-7006) - Medium [303]
Description: A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Product detected by a:libtiff:libtiff (exists in CPE dict) | |
0.6 | 10 | CVSS Base Score is 6.2. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
debian: CVE-2024-7006 was patched at 2024-08-21
238. Memory Corruption - postgresql (CVE-2024-7348) - Medium [303]
Description: Time-of-check Time-of-use (TOCTOU)
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.5 | 14 | Product detected by a:postgresql:postgresql (exists in CPE dict) | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.20006 |
debian: CVE-2024-7348 was patched at 2024-08-09, 2024-08-21
ubuntu: CVE-2024-7348 was patched at 2024-08-19
239. Denial of Service - Oracle MySQL (CVE-2024-21134) - Medium [301]
Description: Vulnerability in the MySQL Server product of
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | MySQL is an open-source relational database management system | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.14041 |
ubuntu: CVE-2024-21134 was patched at 2024-07-31
240. Cross Site Scripting - Mozilla Firefox (CVE-2024-7524) - Medium [300]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
almalinux: CVE-2024-7524 was patched at 2024-08-14, 2024-08-15
debian: CVE-2024-7524 was patched at 2024-08-07, 2024-08-21
oraclelinux: CVE-2024-7524 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7524 was patched at 2024-08-13, 2024-08-14, 2024-08-15
ubuntu: CVE-2024-7524 was patched at 2024-08-19
241. Denial of Service - Linux Kernel (CVE-2024-42299) - Medium [298]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-42299 was patched at 2024-08-21
242. Denial of Service - Linux Kernel (CVE-2024-43817) - Medium [298]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-43817 was patched at 2024-08-21
243. Memory Corruption - Linux Kernel (CVE-2024-42229) - Medium [298]
Description: In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use. I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.4 | 10 | CVSS Base Score is 4.1. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-42229 was patched at 2024-08-01, 2024-08-12
244. Denial of Service - fugit (CVE-2024-43380) - Medium [291]
Description: fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Product detected by a:floraison:fugit (does NOT exist in CPE dict) | |
0.5 | 10 | CVSS Base Score is 5.3. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-43380 was patched at 2024-08-21
245. Memory Corruption - django (CVE-2024-41989) - Medium [291]
Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.5 | 14 | Product detected by a:djangoproject:django (exists in CPE dict) | |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.21936 |
debian: CVE-2024-41989 was patched at 2024-08-21
ubuntu: CVE-2024-41989 was patched at 2024-08-06
246. Memory Corruption - FFmpeg (CVE-2024-7055) - Medium [289]
Description: A vulnerability was found in
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams |
0.6 | 10 | CVSS Base Score is 6.3. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-7055 was patched at 2024-08-14, 2024-08-21
247. Unknown Vulnerability Type - GLPI (CVE-2023-34254) - Medium [288]
Description: The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running the remoteinventory task against a Unix platform with the ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In case the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for the remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0 | 15 | Unknown Vulnerability Type |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.8 | 10 | CVSS Base Score is 7.6. According to NVD data source |
0.5 | 10 | EPSS Probability is 0.00147, EPSS Percentile is 0.51394 |
redos: CVE-2023-34254 was patched at 2024-08-12
248. Denial of Service - Linux Kernel (CVE-2024-41064) - Medium [286]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.7 | 15 | Denial of Service |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-41064 was patched at 2024-08-01, 2024-08-12
249. Denial of Service - Linux Kernel (CVE-2024-42304) - Medium [286]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.7 | 15 | Denial of Service |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-42304 was patched at 2024-08-21
250. Memory Corruption - Flatpak (CVE-2024-42472) - Medium [286]
Description: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox. Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.4 | 14 | Flatpak is a utility for software deployment and package management for Linux |
1.0 | 10 | CVSS Base Score is 10.0. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-42472 was patched at 2024-08-14, 2024-08-21
251. Cross Site Scripting - moodle (CVE-2023-5541) - Medium [285]
Description: The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.8 | 15 | Cross Site Scripting |
0.5 | 14 | Product detected by a:moodle:moodle (exists in CPE dict) |
0.3 | 10 | CVSS Base Score is 3.3. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.21305 |
redos: CVE-2023-5541 was patched at 2024-07-26
252. Remote Code Execution - Unknown Product (CVE-2023-31315) - Medium [285]
Description: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0 | 14 | Unknown Product |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2023-31315 was patched at 2024-08-21
oraclelinux: CVE-2023-31315 was patched at 2024-08-08
253. Remote Code Execution - Unknown Product (CVE-2024-0077) - Medium [285]
Description: NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0 | 14 | Unknown Product |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2024-0077 was patched at 2024-08-07
254. Remote Code Execution - Unknown Product (CVE-2024-7538) - Medium [285]
Description: oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT Commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23190.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0 | 14 | Unknown Product |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7538 was patched at 2024-08-21
255. Remote Code Execution - Unknown Product (CVE-2024-7539) - Medium [285]
Description: oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0 | 14 | Unknown Product |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7539 was patched at 2024-08-21
256. Remote Code Execution - Unknown Product (CVE-2024-7546) - Medium [285]
Description: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23459.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0 | 14 | Unknown Product |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-7546 was patched at 2024-08-21
257. Authentication Bypass - Unknown Product (CVE-2024-6993) - Medium [282]
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0 | 14 | Unknown Product |
0.9 | 10 | CVSS Base Score is 8.8. According to BDU data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2024-6993 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6993 was patched at 2024-08-07
258. Information Disclosure - Filebeat (CVE-2023-31413) - Medium [279]
Description: Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.83 | 15 | Information Disclosure |
0.5 | 14 | Product detected by a:elastic:filebeat (exists in CPE dict) |
0.3 | 10 | CVSS Base Score is 3.3. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
redos: CVE-2023-31413 was patched at 2024-07-26
259. Security Feature Bypass - Unknown Product (CVE-2024-25638) - Medium [279]
Description: dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.9 | 15 | Security Feature Bypass |
0 | 14 | Unknown Product |
0.9 | 10 | CVSS Base Score is 8.9. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-25638 was patched at 2024-08-01
260. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42225) - Medium [269]
Description: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero. Avoid potentially reusing uninitialized data.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0 | 15 | Unknown Vulnerability Type |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.20458 |
debian: CVE-2024-42225 was patched at 2024-08-01
261. Cross Site Scripting - Roundcube (CVE-2024-42008) - Medium [266]
Description: A
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.8 | 15 | Cross Site Scripting |
0.6 | 14 | Roundcube is a web-based IMAP email client |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-42008 was patched at 2024-08-08, 2024-08-13, 2024-08-21
262. Cross Site Scripting - Roundcube (CVE-2024-42009) - Medium [266]
Description: A
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.8 | 15 | Cross Site Scripting |
0.6 | 14 | Roundcube is a web-based IMAP email client |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-42009 was patched at 2024-08-08, 2024-08-13, 2024-08-21
263. Spoofing - Chromium (CVE-2024-6996) - Medium [264]
Description: Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.4 | 15 | Spoofing |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
0.3 | 10 | CVSS Base Score is 3.1. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17727 |
debian: CVE-2024-6996 was patched at 2024-07-31, 2024-08-01
redos: CVE-2024-6996 was patched at 2024-08-07
264. Unknown Vulnerability Type - Mozilla Firefox (CVE-2024-7526) - Medium [264]
Description: ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0 | 15 | Unknown Vulnerability Type |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation |
0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.30511 |
almalinux: CVE-2024-7526 was patched at 2024-08-14, 2024-08-15
debian: CVE-2024-7526 was patched at 2024-08-07, 2024-08-08, 2024-08-21
oraclelinux: CVE-2024-7526 was patched at 2024-08-13, 2024-08-14
redhat: CVE-2024-7526 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19
ubuntu: CVE-2024-7526 was patched at 2024-08-19
265. Incorrect Calculation - Linux Kernel (CVE-2024-42136) - Medium [263]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Incorrect Calculation |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-42136 was patched at 2024-08-01
266. Memory Corruption - Linux Kernel (CVE-2024-35858) - Medium [263]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
ubuntu: CVE-2024-35858 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
267. Memory Corruption - Linux Kernel (CVE-2024-36011) - Medium [263]
Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref. Fix potential null-ptr-deref in hci_le_big_sync_established_evt().
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
ubuntu: CVE-2024-36011 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
268. Memory Corruption - Linux Kernel (CVE-2024-38539) - Medium [263]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
ubuntu: CVE-2024-38539 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
269. Memory Corruption - Linux Kernel (CVE-2024-38551) - Medium [263]
Description: In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link. MediaTek sound card drivers are checking whether a DAI link is present and used on a board to assign the correct parameters and this is done by checking the codec DAI names at probe time. If no real codec is present, assign the dummy codec to the DAI link to avoid NULL pointer during string comparison.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
ubuntu: CVE-2024-38551 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
270. Memory Corruption - Linux Kernel (CVE-2024-41051) - Medium [263]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-41051 was patched at 2024-08-01
271. Memory Corruption - Linux Kernel (CVE-2024-41057) - Medium [263]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-41057 was patched at 2024-08-01
272. Memory Corruption - Linux Kernel (CVE-2024-41066) - Medium [263]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-41066 was patched at 2024-08-01
273. Memory Corruption - Linux Kernel (CVE-2024-41076) - Medium [263]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-41076 was patched at 2024-08-01
274. Memory Corruption - Linux Kernel (CVE-2024-42314) - Medium [263]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-42314 was patched at 2024-08-21
275. Remote Code Execution - Unknown Product (CVE-2024-43168) - Medium [261]
Description: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0 | 14 | Unknown Product |
0.5 | 10 | CVSS Base Score is 4.8. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
debian: CVE-2024-43168 was patched at 2024-08-21
276. Elevation of Privilege - Unknown Product (CVE-2023-42667) - Medium [258]
Description: Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2023-42667 was patched at 2024-08-21
ubuntu: CVE-2023-42667 was patched at 2024-08-20
277. Unknown Vulnerability Type - Linux Kernel (CVE-2024-41061) - Medium [257]
Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport. [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index for FCLKChangeSupport array can be greater than 1. [How] Currently dml2 core specifies identical values for all FCLKChangeSupport elements. Always use index 0 in the condition to avoid out of bounds access.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-41061 was patched at 2024-08-01
278. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42159) - Medium [257]
Description: In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys. Information is stored in mr_sas_port->phy_mask; values larger than the size of this field shouldn't be allowed.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42159 was patched at 2024-08-01
279. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42160) - Medium [257]
Description: In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr(). - It missed checking the validity of fault attrs in parse_options(); fix this by adding a check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42160 was patched at 2024-08-01
280. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42161) - Medium [257]
Description: In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD. [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in bpf_core_read.h as: [...] unsigned long long val; [...] switch (__CORE_RELO(s, field, BYTE_SIZE)) { case 1: val = *(const unsigned char *)p; break; case 2: val = *(const unsigned short *)p; break; case 4: val = *(const unsigned int *)p; break; case 8: val = *(const unsigned long long *)p; break; } [...] val; } This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE. Tested in bpf-next master. No regressions.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42161 was patched at 2024-08-01, 2024-08-12
281. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42224) - Medium [257]
Description: In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list. Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42224 was patched at 2024-08-01, 2024-08-12
282. Unknown Vulnerability Type - Mozilla Firefox (CVE-2024-7531) - Medium [252]
Description: Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.26532 |
debian: CVE-2024-7531 was patched at 2024-08-07, 2024-08-21
ubuntu: CVE-2024-7531 was patched at 2024-08-19
283. Incorrect Calculation - Linux Kernel (CVE-2024-43828) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Incorrect Calculation | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-43828 was patched at 2024-08-21
284. Memory Corruption - Linux Kernel (CVE-2023-52433) - Medium [251]
Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction. New elements in this transaction might expire before such transaction ends. Skip sync GC for such elements, otherwise the commit path might walk over an already released object. Once the transaction is finished, async GC will collect such expired elements.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
redos: CVE-2023-52433 was patched at 2024-08-13
285. Memory Corruption - Linux Kernel (CVE-2024-36030) - Medium [251]
Description: In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: fix the double free in rvu_npc_freemem(). Clang static checker (scan-build) warning: drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c: line 2184, column 2: Attempt to free released memory. npc_mcam_rsrcs_deinit() has released 'mcam->counters.bmap'. Deleted this redundant kfree() to fix this double free problem.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
ubuntu: CVE-2024-36030 was patched at 2024-08-08, 2024-08-09, 2024-08-12, 2024-08-13
286. Memory Corruption - Linux Kernel (CVE-2024-41012) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-41012 was patched at 2024-08-01, 2024-08-12
287. Memory Corruption - Linux Kernel (CVE-2024-41014) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-41014 was patched at 2024-08-01
288. Memory Corruption - Linux Kernel (CVE-2024-41023) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-41023 was patched at 2024-08-01
289. Memory Corruption - Linux Kernel (CVE-2024-41040) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-41040 was patched at 2024-08-01, 2024-08-12
290. Memory Corruption - Linux Kernel (CVE-2024-41049) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-41049 was patched at 2024-08-01, 2024-08-12
291. Memory Corruption - Linux Kernel (CVE-2024-41070) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-41070 was patched at 2024-08-01, 2024-08-12
292. Memory Corruption - Linux Kernel (CVE-2024-42104) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-42104 was patched at 2024-08-01, 2024-08-12
293. Memory Corruption - Linux Kernel (CVE-2024-42105) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-42105 was patched at 2024-08-01, 2024-08-12
294. Memory Corruption - Linux Kernel (CVE-2024-42137) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-42137 was patched at 2024-08-01, 2024-08-12
295. Memory Corruption - Linux Kernel (CVE-2024-42287) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-42287 was patched at 2024-08-21
296. Memory Corruption - Linux Kernel (CVE-2024-42288) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-42288 was patched at 2024-08-21
297. Memory Corruption - Linux Kernel (CVE-2024-42302) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.10865 |
debian: CVE-2024-42302 was patched at 2024-08-21
298. Memory Corruption - Linux Kernel (CVE-2024-43861) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-43861 was patched at 2024-08-21
299. Memory Corruption - Linux Kernel (CVE-2024-43871) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-43871 was patched at 2024-08-21
300. Memory Corruption - Linux Kernel (CVE-2024-43882) - Medium [251]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13709 |
debian: CVE-2024-43882 was patched at 2024-08-21
301. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42162) - Medium [245]
Description: In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats. We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid access on the priv->stats_report->stats array.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.7 | 10 | CVSS Base Score is 7.0. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-42162 was patched at 2024-08-01
302. Unknown Vulnerability Type - Linux Kernel (CVE-2024-42228) - Medium [245]
Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc. Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate value of 0xffffffff. (Christian)
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.7 | 10 | CVSS Base Score is 7.0. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05019 |
debian: CVE-2024-42228 was patched at 2024-08-01
303. Memory Corruption - nginx_open_source (CVE-2024-7347) - Medium [244]
Description: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.5 | 14 | Product detected by a:f5:nginx_open_source (does NOT exist in CPE dict) | |
0.5 | 10 | CVSS Base Score is 4.7. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13333 |
debian: CVE-2024-7347 was patched at 2024-08-21
304. Security Feature Bypass - Unknown Product (CVE-2024-24980) - Medium [244]
Description: Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.9 | 15 | Security Feature Bypass |
0 | 14 | Unknown Product |
0.6 | 10 | CVSS Base Score is 6.1. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.09526 |
debian: CVE-2024-24980 was patched at 2024-08-21
ubuntu: CVE-2024-24980 was patched at 2024-08-20
305. Unknown Vulnerability Type - GLPI (CVE-2022-39234) - Medium [240]
Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0 | 15 | Unknown Vulnerability Type |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.5 | 10 | CVSS Base Score is 4.7. According to NVD data source |
0.4 | 10 | EPSS Probability is 0.00104, EPSS Percentile is 0.4323 |
redos: CVE-2022-39234 was patched at 2024-07-26
306. Unknown Vulnerability Type - GLPI (CVE-2023-51446) - Medium [240]
Description: GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0 | 15 | Unknown Vulnerability Type |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.6 | 10 | CVSS Base Score is 5.9. According to NVD data source |
0.3 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.28035 |
redos: CVE-2023-51446 was patched at 2024-08-12
307. Unknown Vulnerability Type - GLPI (CVE-2024-27930) - Medium [240]
Description: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0 | 15 | Unknown Vulnerability Type |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
redos: CVE-2024-27930 was patched at 2024-08-12
308. Unknown Vulnerability Type - GLPI (CVE-2024-27937) - Medium [240]
Description: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0 | 15 | Unknown Vulnerability Type |
0.8 | 14 | GLPI is an open source IT Asset Management, issue tracking system and service desk system |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source |
0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.16364 |
redos: CVE-2024-27937 was patched at 2024-08-12
309. Memory Corruption - Linux Kernel (CVE-2022-48869) - Medium [239]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2022-48869 was patched at 2024-08-21
310. Memory Corruption - Linux Kernel (CVE-2022-48872) - Medium [239]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2022-48872 was patched at 2024-08-21
311. Memory Corruption - Linux Kernel (CVE-2022-48873) - Medium [239]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2022-48873 was patched at 2024-08-21
312. Memory Corruption - Linux Kernel (CVE-2022-48874) - Medium [239]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2022-48874 was patched at 2024-08-21
313. Memory Corruption - Linux Kernel (CVE-2022-48878) - Medium [239]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2022-48878 was patched at 2024-08-21
314. Memory Corruption - Linux Kernel (CVE-2022-48885) - Medium [239]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
0.0 | 10 | CVSS Base Score is NA. No data. |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
debian: CVE-2022-48885 was patched at 2024-08-21
315.